Skill UI

This skill guides the implementation and maintenance of compliance controls for North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards. It covers key areas including asset categorization (CIP-002), electronic security perimeters (CIP-005), system security management (CIP-007), and supply chain risk management. Use this when auditing, updating, or establishing compliance measures for Bulk Electric System (BES) cyber assets.

Suricata is a high-performance, open-source network threat detection engine used for deep packet inspection. This skill details the deployment and configuration of Suricata in Intrusion Prevention System (IPS) mode. It covers setting up custom rules, integrating third-party rulesets (like Emerging Threats), and actively blocking malicious traffic in real time, making it essential for robust network security and compliance enforcement.

OPA Gatekeeper is a powerful Kubernetes admission controller that enforces policies using Rego rules. It utilizes ConstraintTemplates and Constraints to validate, mutate, or deny API requests at the cluster admission stage. This tool is essential for implementing policy-as-code practices, ensuring that Kubernetes deployments adhere to organizational security standards, compliance requirements, and best practices, such as mandating labels or blocking privileged containers.

This guide details passive OT network traffic analysis using Nozomi Networks Guardian sensors. It provides methods to achieve comprehensive asset visibility, real-time threat detection, and vulnerability assessment across sensitive Industrial Control Systems (ICS) without disrupting operations. It is crucial for building robust OT Security Operations Centers (SOCs) and ensuring compliance with industry standards like IEC 62443.

A comprehensive guide to deploying and configuring Proofpoint Email Protection as a Secure Email Gateway (SEG). This solution establishes a critical security checkpoint that uses advanced ML, sandboxing, and threat intelligence to detect and block sophisticated threats, including phishing, malware, BEC, and spam, before they reach the user inbox. Ideal for organizations strengthening their email security architecture and meeting compliance standards.

This guide details the implementation of a robust, ransomware-resilient backup architecture following the extended 3-2-1-1-0 rule. It covers critical steps such as classifying assets, defining RPO/RTO, implementing immutable or air-gapped storage, and isolating backup credentials from the production domain. Use this knowledge to design a multilayered defense against data loss and ensure reliable recovery points.

This guide details the implementation of comprehensive security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection. It covers deploying the Datadog Agent across hybrid cloud infrastructure (AWS, Azure, GCP), ingesting critical log sources (CloudTrail, VPC Flow Logs, etc.), configuring Workload Protection, and creating custom detection rules to detect threats, enforce compliance, and provide centralized SOC visibility.

This skill guides the implementation of Security Orchestration, Automation, and Response (SOAR) workflows using platforms like Splunk Phantom. It automates the entire incident lifecycle, including alert triage, IOC enrichment (via VirusTotal, CrowdStrike), containment actions, and ticket creation (ServiceNow). Ideal for SOC teams needing to reduce Mean Time To Respond (MTTR) and standardize complex security procedures across multiple tools.

This skill guides the deployment and configuration of a TAXII 2.1 server using OpenTAXII. It enables automated, standardized exchange of STIX-formatted cyber threat intelligence (CTI) indicators between organizations. Use cases include establishing secure threat sharing pipelines, integrating with SIEM/SOAR platforms, and meeting stringent compliance requirements.

This skill provides a comprehensive guide to implementing robust USB device control policies. It restricts unauthorized removable media access to mitigate data exfiltration risks and prevent malware introduction via USB endpoints. Learn how to deploy granular policies using Group Policy Objects (GPO), Microsoft Intune, or advanced Endpoint Detection and Response (EDR) platforms to meet strict compliance standards.

Utilize Velociraptor, an advanced open-source platform, to collect, query, and monitor forensic artifacts across diverse endpoints (Windows, Linux, macOS). This skill enables incident response teams to perform large-scale, rapid digital forensic investigations by collecting critical data such as event logs, registry entries, prefetch files, and network metadata using VQL queries.

This skill guides the end-to-end deployment of Zero Trust Network Access (ZTNA) using Zscaler Private Access (ZPA). It replaces traditional, perimeter-based VPNs by enforcing identity-based, context-aware microsegmentation. Learn to configure Identity Provider integration, deploy App Connectors, define granular application segments, and establish robust access policies for secure, outbound-only connections.